If your account is set up set up with a default KMS key and
fs.s3a.server-side-encryption.key is unset, the default key will be
used.

Alternatively, organizations may define a default key in the Amazon KMS; if a
default key is set, then it will be used whenever SSE-KMS encryption is chosen and the
value of fs.s3a.server-side-encryption.key is empty.